← Kamee Fitness

Privacy Policy

Last updated: June 6, 2026

1. Who we are & how to contact us

Kamee Fitness ("we", "us") is operated as a sole proprietorship based in the Republic of the Philippines. We're the "data controller" for personal data described in this policy.

Privacy questions, data-subject access requests, or anything else covered here: email bayogjayr@gmail.com.

If you're in the Philippines, you can also lodge a complaint with the National Privacy Commission (NPC) at privacy.gov.ph.

2. Scope

This policy covers personal data we process through the Kamee Fitness mobile app and the kamee.fitness website. It applies to all users worldwide.

3. Data we collect

| Category | What | Why we collect it | Legal basis (GDPR) | | --- | --- | --- | --- | | Account & profile | email, name, profile image (from Apple/Google), birth year, fitness preferences (goals, schedule, equipment) | Create and personalize your account | Performance of contract | | Workout data | sessions, exercises, sets, reps, weights, notes, plan history | Sync across your devices; show your history | Performance of contract | | Heart rate | values read from Apple Health or a Bluetooth heart-rate strap during sessions | Show in-session metrics and post-session analysis | Performance of contract; explicit consent at the HealthKit / Bluetooth prompt | | Location | precise GPS during active outdoor walk/run sessions, AND during active buddy live-tracking sessions | Track route and distance; show buddies your live position | Performance of contract; explicit consent at the location prompt | | Buddy relationships | who you've added as a buddy, accepted invites | Power buddy features (presence, live tracking) | Performance of contract | | Device & diagnostics | device model, OS version, app version, crash logs | Debug and improve the Service; security | Legitimate interest | | Subscription receipts | receipts and entitlement status from Apple/Google, verified via RevenueCat | Unlock Premium features you bought | Performance of contract | | Ad-tier only — ad identifiers | IDFA (iOS, only if you granted App Tracking Transparency) or Google Advertising ID (Android); otherwise an on-device anonymous ID | Show ads on the free tier via AdMob | Consent (the ATT prompt on iOS / your Google Play ad settings on Android) |

4. What we don't collect — our privacy promises

We try to be specific about what we don't do, because vague privacy policies have made you rightly skeptical:

  • We never request access to your contacts, photo library, microphone, calendar, files, or browser history.
  • Kamy AI insights run entirely on your device using a local language model (llama.rn). Your workout data is never sent to a third-party AI provider like OpenAI, Anthropic, or Google.
  • We never sell or share your personal data with advertisers, data brokers, or any third party for their own purposes.
  • Buddy location is only visible to users you explicitly added as a buddy, and only while you're sharing a live session.

5. How we use your data

We use the data above to:

  • Provide and operate the Service (sync workouts, show stats, run buddy features)
  • Personalize plans and recommendations (on-device, via Kamy)
  • Process subscriptions via Apple and Google
  • Send service notifications you've opted into (session reminders, buddy invites)
  • Detect abuse, debug crashes, and improve reliability
  • Comply with legal obligations

6. Third-party processors

These companies process data on our behalf. They're under contract to use your data only for the purposes we ask them to:

| Processor | What it does | Region | Privacy policy | | --- | --- | --- | --- | | Supabase | Database, authentication, realtime, file storage | US/EU | supabase.com/privacy | | Apple Inc. | App Store distribution, Sign in with Apple, HealthKit, push notifications, in-app purchases | Global | apple.com/legal/privacy | | Google LLC | Google Play distribution, Google Sign-In, Firebase Cloud Messaging, AdMob (free tier only) | Global | policies.google.com/privacy | | RevenueCat | Subscription receipt validation and entitlement | US | revenuecat.com/privacy | | Netlify | Hosting for the kamee.fitness website | US | netlify.com/privacy |

Embedded YouTube videos. Exercise demonstration videos play through YouTube's embedded player (the YouTube IFrame Player), and only after you tap "Watch demo." Unlike the processors above, Google does not act on our behalf here — when a video loads, YouTube (Google) may set cookies and collect device and usage data as an independent controller, subject to Google's Privacy Policy (policies.google.com/privacy). We don't receive or control that data.

7. International transfers

Your data may be processed outside the Philippines, including in the United States and the European Union, by the processors listed above. For transfers to or from the EU/UK, we rely on the relevant Standard Contractual Clauses with our processors where required.

8. How long we keep your data

  • Active accounts: retained as long as your account is active so the Service can keep working.
  • Account deletion: when you delete your account in Settings, we delete your personal data within 30 days. Backups may retain copies for up to 90 days before they roll off.
  • Anonymized aggregates (e.g. total number of sessions per region) may be retained longer for product analytics.
  • Legal holds: we may retain data longer if required by law (e.g. tax records for paid subscribers).

9. Security

We protect your data with industry-standard measures:

  • TLS for all data in transit
  • Encryption at rest for the database
  • Row-Level Security (RLS) in Postgres so users can only access their own rows
  • Authentication via Apple Sign-In, Google Sign-In, and email one-time codes — we don't store passwords

No system is perfectly secure. If we ever experience a breach affecting your data, we'll notify you as required by applicable law.

10. Your rights

You have rights over your personal data. The specific rights depend on where you live:

If you're in the EU, UK, or EEA (GDPR / UK GDPR)

  • Access — get a copy of the data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — delete your data ("right to be forgotten")
  • Restriction — pause certain processing
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — for anything we process based on consent (e.g. ads, HealthKit)
  • Complain to your local Data Protection Authority

If you're in California (CCPA / CPRA)

  • Know what personal information we collect, use, and share
  • Delete your personal information
  • Correct inaccurate personal information
  • Opt out of "sale" or "sharing" — we don't sell or share your personal information, so there's nothing to opt out of
  • Limit use of sensitive personal information — we don't use it for purposes that require this option
  • Non-discrimination — we won't penalize you for exercising your rights

If you're in the Philippines (Data Privacy Act)

  • Access, rectification, erasure or blocking
  • Data portability
  • Damages for inaccurate, false, or unlawfully obtained data
  • Complain to the National Privacy Commission

How to exercise your rights

Email bayogjayr@gmail.com with your request and the email address on your Kamee account. We respond within 30 days (or as required locally — sometimes faster). We may ask you to verify your identity.

11. Children

The Service is for users 16 and older. We don't knowingly collect personal data from anyone under 16. If we learn that we've collected data from someone under 16, we delete it. Parents or guardians who believe their child has signed up should email bayogjayr@gmail.com.

12. Push notifications & email

  • Service notifications (session reminders, buddy invites, important account messages) are part of using the Service. You can turn them off in your device settings.
  • Marketing emails: we don't currently send any. If we ever do, we'll get your explicit opt-in first and you can unsubscribe at any time.

13. Changes to this policy

When we make material changes to this policy, we'll notify you in the app and update the "Last updated" date at the top. Continued use of the Service after a change takes effect means you accept the updated policy.

14. Appendix — Apple App Store privacy nutrition label

This table mirrors what we file in App Store Connect. It's here so reviewers and curious users can cross-check that our policy and our nutrition label tell the same story.

| Apple data category | Collected? | Linked to identity | Used for tracking | | --- | --- | --- | --- | | Health & Fitness (workouts, heart rate) | Yes | Yes | No | | Location (precise, sessions only) | Yes | Yes | No | | Contact Info (email) | Yes | Yes | No | | Identifiers (user ID) | Yes | Yes | No | | Identifiers (IDFA — free tier only, with ATT) | Yes (with ATT) | No | Yes (ads) | | Usage Data (session counts, feature use) | Yes | Yes | No | | Diagnostics (crash logs) | Yes | No | No | | Contacts | No | — | — | | Photos & video | No | — | — | | Audio data | No | — | — | | Calendar | No | — | — | | Browsing history | No | — | — | | Search history | No | — | — | | Financial info | No (Apple/Google handle all payment data) | — | — |

15. Contact

Questions, concerns, or requests? Email bayogjayr@gmail.com.